pkg: allow periods in secret name

This commit replaces `.` characters in Volume names for Secrets with `-` characters. The reason for this is that Volume names must be valid DNS-1123 labels. [0] [0] https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#volume-v1-core. Fixes #1893
2025-04-21 11:48:53 +00:00 · 2018-09-17 15:07:05 +02:00 · 2018-09-17 15:07:05 +02:00 · c1e1add96c
commit c1e1add96c
parent 58c2595d4c
4 changed files with 74 additions and 4 deletions
--- a/pkg/alertmanager/statefulset.go
+++ b/pkg/alertmanager/statefulset.go
@ -28,6 +28,7 @@ import (

 	"github.com/blang/semver"
 	monitoringv1 "github.com/coreos/prometheus-operator/pkg/client/monitoring/v1"
+	"github.com/coreos/prometheus-operator/pkg/k8sutil"
 	"github.com/pkg/errors"
 )

@ -368,7 +369,7 @@ func makeStatefulSetSpec(a *monitoringv1.Alertmanager, config Config) (*appsv1.S
 	}
 	for _, s := range a.Spec.Secrets {
 		volumes = append(volumes, v1.Volume{
-			Name: "secret-" + s,
+			Name: k8sutil.SanitizeVolumeName("secret-" + s),
 			VolumeSource: v1.VolumeSource{
 				Secret: &v1.SecretVolumeSource{
 					SecretName: s,
@ -376,7 +377,7 @@ func makeStatefulSetSpec(a *monitoringv1.Alertmanager, config Config) (*appsv1.S
 			},
 		})
 		amVolumeMounts = append(amVolumeMounts, v1.VolumeMount{
-			Name:      "secret-" + s,
+			Name:      k8sutil.SanitizeVolumeName("secret-" + s),
 			ReadOnly:  true,
 			MountPath: secretsDir + s,
 		})
--- a/pkg/k8sutil/k8sutil.go
+++ b/pkg/k8sutil/k8sutil.go
@ -18,6 +18,8 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"regexp"
+	"strings"
 	"time"

 	crdutils "github.com/ant31/crd-validation/pkg"
@ -29,12 +31,15 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/validation"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/discovery"
 	clientv1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 )

+var invalidDNS1123Characters = regexp.MustCompile("[^-a-z0-9]+")
+
 // CustomResourceDefinitionTypeMeta set the default kind/apiversion of CRD
 var CustomResourceDefinitionTypeMeta metav1.TypeMeta = metav1.TypeMeta{
 	Kind:       "CustomResourceDefinition",
@ -187,3 +192,14 @@ func NewCustomResourceDefinition(crdKind monitoringv1.CrdKind, group string, lab
 		GetOpenAPIDefinitions: monitoringv1.GetOpenAPIDefinitions,
 	})
 }
+
+// SanitizeVolumeName ensures that the given volume name is a valid DNS-1123 label
+// accepted by Kubernetes.
+func SanitizeVolumeName(name string) string {
+	name = strings.ToLower(name)
+	name = invalidDNS1123Characters.ReplaceAllString(name, "-")
+	if len(name) > validation.DNS1123LabelMaxLength {
+		name = name[0:validation.DNS1123LabelMaxLength]
+	}
+	return strings.Trim(name, "-")
+}
--- a/pkg/k8sutil/k8sutil_test.go
+++ b/pkg/k8sutil/k8sutil_test.go
@ -0,0 +1,52 @@
+// Copyright 2016 The prometheus-operator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package k8sutil
+
+import "testing"
+
+func Test_SanitizeVolumeName(t *testing.T) {
+	cases := []struct {
+		name     string
+		expected string
+	}{
+		{
+			name:     "@$!!@$%!#$%!#$%!#$!#$%%$#@!#",
+			expected: "",
+		},
+		{
+			name:     "NAME",
+			expected: "name",
+		},
+		{
+			name:     "foo--",
+			expected: "foo",
+		},
+		{
+			name:     "foo^%#$bar",
+			expected: "foo-bar",
+		},
+		{
+			name:     "fOo^%#$bar",
+			expected: "foo-bar",
+		},
+	}
+
+	for i, c := range cases {
+		out := SanitizeVolumeName(c.name)
+		if c.expected != out {
+			t.Errorf("expected test case %d to be %q but got %q", i, c.expected, out)
+		}
+	}
+}
--- a/pkg/prometheus/statefulset.go
+++ b/pkg/prometheus/statefulset.go
@ -28,6 +28,7 @@ import (

 	"github.com/blang/semver"
 	monitoringv1 "github.com/coreos/prometheus-operator/pkg/client/monitoring/v1"
+	"github.com/coreos/prometheus-operator/pkg/k8sutil"
 	"github.com/pkg/errors"
 )

@ -448,7 +449,7 @@ func makeStatefulSetSpec(p monitoringv1.Prometheus, c *Config, ruleConfigMapName

 	for _, s := range p.Spec.Secrets {
 		volumes = append(volumes, v1.Volume{
-			Name: "secret-" + s,
+			Name: k8sutil.SanitizeVolumeName("secret-" + s),
 			VolumeSource: v1.VolumeSource{
 				Secret: &v1.SecretVolumeSource{
 					SecretName: s,
@ -456,7 +457,7 @@ func makeStatefulSetSpec(p monitoringv1.Prometheus, c *Config, ruleConfigMapName
 			},
 		})
 		promVolumeMounts = append(promVolumeMounts, v1.VolumeMount{
-			Name:      "secret-" + s,
+			Name:      k8sutil.SanitizeVolumeName("secret-" + s),
 			ReadOnly:  true,
 			MountPath: secretsDir + s,
 		})